//package io.github.novaframe.config;
//
//import io.github.novaframe.security.Http401UnauthorizedEntryPoint;
//import io.github.novaframe.security.jwt.JWTConfigurer;
//import io.github.novaframe.security.jwt.JWTTokenProvider;
//import org.springframework.beans.factory.BeanInitializationException;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//import org.springframework.web.filter.CorsFilter;
//
//import javax.annotation.PostConstruct;
//
///**
// * spring security配置
// * @author Locki
// * @create 2017-09-18 18:11
// */
//@Configuration
//@EnableWebSecurity // 开启Spring Security的功能
//@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用基于注解的安全
//public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
//
//    private final NovaframeProperties novaframeProperties;
//    private final UserDetailsService userDetailsService;
//    private final AuthenticationManagerBuilder authenticationManagerBuilder;
//    private final CorsFilter corsFilter;
//
//    public WebSecurityConfiguration(NovaframeProperties novaframeProperties, UserDetailsService userDetailsService, AuthenticationManagerBuilder authenticationManagerBuilder, CorsFilter corsFilter) {
//        this.novaframeProperties = novaframeProperties;
//        this.userDetailsService = userDetailsService;
//        this.authenticationManagerBuilder = authenticationManagerBuilder;
//        this.corsFilter = corsFilter;
//    }
//
//    @Bean
//    public JWTTokenProvider jwtTokenProvider() {
//        return new JWTTokenProvider(novaframeProperties);
//    }
//
//    @Bean
//    public JWTConfigurer jwtConfigurer() {
//        return new JWTConfigurer(jwtTokenProvider());
//    }
//
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//
//    @Bean
//    public Http401UnauthorizedEntryPoint http401UnauthorizedEntryPoint() {
//        return new Http401UnauthorizedEntryPoint();
//    }
//
//    @PostConstruct
//    public void init() {
//        try {
//            authenticationManagerBuilder
//                    .userDetailsService(userDetailsService) // 设置UserDetailsService
//                    .passwordEncoder(passwordEncoder()); // 使用BCrypt进行密码的hash
//        } catch (Exception e) {
//            throw new BeanInitializationException("Security configuration failed", e);
//        }
//    }
//
//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        // 允许对于网站静态资源的无授权访问
//        web
//            .ignoring()
//            .antMatchers(HttpMethod.OPTIONS, "/**")
//            .antMatchers("/app/**/*.{js,html}")
//            .antMatchers("/bower_components/**")
//            .antMatchers("/i18n/**")
//            .antMatchers("/content/**")
//            .antMatchers("/swagger-ui/index.html")
//            .antMatchers("/test/**")
//            .antMatchers("/h2-console/**");
//    }
//
//    /**
//     * 设置 HTTP 验证规则
//     * @param http
//     * @throws Exception
//     */
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http
//                .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
//                .exceptionHandling()
//                .authenticationEntryPoint(http401UnauthorizedEntryPoint())
//            .and()
//                .csrf()
//                .disable() // 由于使用的是JWT，关闭csrf验证
//                .headers()
//                .frameOptions()
//                .disable()
//            .and()
//                .sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//            .and()
//                .authorizeRequests() // 对请求进行认证
//                .antMatchers("/auth/**").permitAll() // 对于获取token的rest api要允许匿名访问
//                .antMatchers(HttpMethod.POST, "/login").permitAll() // 所有 /login 的POST请求 都放行
//                .antMatchers("/hello").hasAuthority("AUTH_WRT") // 权限检查
//                .antMatchers("/world").hasRole("ADMIN") // 角色检查
//                .anyRequest().authenticated() // 除上面外的所有请求全部需要鉴权认证
//            .and()
//                .apply(jwtConfigurer());
//    }
//
//    /**
//     * 在内存中创建了一个用户，该用户的名称为user，密码为password，用户角色为USER。
//     * 通常可以用作系统内置用户
//     */
//    @Autowired
//    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth
//                .inMemoryAuthentication()
//                .withUser("user").password("password").roles("USER");
//    }
//
//    //@Override
//    //protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//    //    // 使用自定义身份验证组件
//    //    auth.authenticationProvider(new CustomAuthenticationProvider());
//    //}
//}
